From: kindloaf@gmail.com (Hong)
Date: Sat, 6 Sep 2008 22:57:26 -0400
Subject: [refpolicy] Cannot use SSH with Refpolicy in Ubuntu Hardy
In-Reply-To: <BD351E70-D3B9-49D1-8DA6-43C7C99B0823@gmail.com>
References: <f00ed96d0809061736x73650e80s159ab2d5f2309cc2@mail.gmail.com>
	<BD351E70-D3B9-49D1-8DA6-43C7C99B0823@gmail.com>
Message-ID: <f00ed96d0809061957w5fe62fd4sa7cf36113a82e01d@mail.gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Thanks for your reply, Justin.

I just changed the line `SELINUX=enforcing` to `SELINUX=permissive` and
reboot the system.

After reboot, I checked `getenforce` and it returned `permissive`.

But still I cannot ssh to the machine remotely...
After each try with a correct password, /var/log/message doesn't grow but
/var/log/audit/audit.log grows with one line.
If I tried with an incorrect password, neither of the two log files changed.


Hong

On Sat, Sep 6, 2008 at 10:18 PM, Justin P. Mattock
<justinmattock@gmail.com>wrote:

> I know this might sound stupid, but
> Check and make sure /etc/selinux/config is in permissive
> As well. I.g. A few months ago I couldn't boot, because of having that file
> In enforcing.
>
> justin P. Mattock
>
>
>
>
> On Sep 6, 2008, at 5:36 PM, Hong <kindloaf@gmail.com> wrote:
>
>  Hi,
>>
>> I downloaded the source of refpolicy in Hardy.  (`apt-get source
>> refpolicy`).  I compiled the policy and loaded it.  And then I reboot the
>> system with PERMISSIVE mode.  (add `enforcing=0` in the kernel options when
>> booting)
>>
>> Now I cannot login the system remotely using ssh.  Note that the system is
>> in PERMISSIVE mode! (`getenforce` returns `Permissive`).  Everytime I tried
>> `ssh my_host_name` and enter the correct password, the client side shows
>> "Read from remote host my_host_name: Connection reset by peer
>> Connection to my_host_name."
>>
>> And after each unsuccessful login, the /var/log/audit/audit.log file on
>> the server   added a line:
>> "type=ANOM_ABEND msg=audit(1220746818.492:93): audit=4294967295 uid=1000
>> gid=1000 subj=system_u:system_r:sysadm_t pid=4713 comm="sshd" sig=6"
>>
>> By the way, when I use `make load` to load the policy, there is a one-line
>> error message
>> '[19691.816572] secuirty; context system-u;system-r;sysadm-mail-t is
>> invalid'
>>
>> I am not quite familiar with the messages.  Can anyone help me to see
>> what's going?
>>
>>
>> Thanks,
>> Hong
>>
>>
>> _______________________________________________
>> refpolicy mailing list
>> refpolicy at oss.tresys.com
>> http://oss.tresys.com/mailman/listinfo/refpolicy
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20080906/94cb8da0/attachment.html